System and method of authenticating individuals
Abstract
A method of dynamic password authentication used in an authentication system, in which a password generator applies a segmentation to its dynamic variable, according to a predetermined segment length and positions, to produce a segment initial value and an offset for the dynamic variable. An encryption process applied to the secret cryptographic key, the segment initial value and the offset produces a first dynamic cipher. Another encryption process applied to the secret cryptographic key, the dynamic variable, etc. produces a second dynamic cipher. The first dynamic cipher and the second dynamic cipher are then combined to produce a dynamic password. When a password undergoes verification by the verifier, the verifier applies the appropriate inverse processing. The present method enables the dynamic password produced by the generator to carry synchronization information implicitly to the verifier, which improves security in the generation of a dynamic password and efficiency in password verification. Generator manufacturing costs may therefore be reduced.
161 Citations
24 Claims
1. A method of authenticating an individual from at least one individual in an authentication system, including at least one dynamic password generator and at least one verifier, said dynamic password generator holding therein a first secret cryptographic key and a first dynamic variable, said verifier holding therein a second secret cryptographic key of said dynamic password generator and a second dynamic variable, said first and second dynamic variables being produced independently in said dynamic password generator and said verifier;
- said method comprising steps of;
(a) in the event of generating a dynamic password, performing following steps by a microprocessor in said dynamic password generator;
(a1) segmenting said first dynamic variable, based on a predefined segment length and positions, identifying a first segment initial value and a first offset for said first dynamic variable;
(a2) carrying out a first encryption process on said first secret cryptographic key, said first segment initial value and said first offset to produce a first dynamic cipher;
carrying out a second encryption process on said first secret cryptographic key and said first dynamic variable to produce a second dynamic cipher;
(a3) combining said first dynamic cipher and said second dynamic cipher to produce a dynamic password;
(b) transmitting said dynamic password to said verifier;
(c) in the event of verifying a password, performing following steps by a microprocessor in said verifier;
(c1) separating a received dynamic password into a third dynamic cipher and a fourth dynamic cipher;
based on a predefined segment length and positions, segmenting said second dynamic variable to identify a second segment initial value and a second offset for said second dynamic variable; and
calculating at least one estimated segment initial value and an estimated range of offsets based on said second segment initial value and said second offset;
(c2) carrying out a third encryption process on said third dynamic cipher, an estimated segment initial value and said second secret cryptographic key to produce a third offset;
(c3) if said third offset is within the estimated range of offsets, restituting a third dynamic variable with said third offset and said estimated segment initial value;
carrying out a fourth encryption process on said second secret cryptographic key and said third dynamic variable to produce a verification code;
comparing said verification code with said fourth dynamic cipher;
if matching, enabling the user to access since the user is deemed legal and having the verification terminated;
if mismatching, or said third offset is not within the estimated range of offsets, judging whether there is another estimated segment initial value;
if there is no other estimated segment initial value, rejecting the user's access and having the verification terminated since the user is deemed illegal; and
if there is another estimated segment initial value, fetching a next estimated segment initial value and going to step (c2).
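As an added illustration, not code from the patent, the following Python instantiates the generator steps (a1)-(a3) and the verifier steps (c1)-(c3) of claim 1 with assumed primitives: the dynamic variable is an event counter whose low 8 bits form the offset, the first encryption process is a one-byte keyed mask (HMAC-SHA256 of the segment initial value XORed into the offset, so the verifier can invert it), the second encryption process is a 16-bit truncated HMAC-SHA256 over the whole variable, and the key and counter values are constructed samples.

```python
import hashlib
import hmac

SEG_BITS = 8                  # assumed segment: low 8 bits of the counter are the offset
SEG_SIZE = 1 << SEG_BITS
KEY = b"constructed-demo-secret-key"   # constructed sample key shared by generator and verifier

def segment(var):
    """Steps (a1)/(c1): split a counter into (segment initial value, offset)."""
    return var & ~(SEG_SIZE - 1), var & (SEG_SIZE - 1)

def segment_pad(key, seg_init):
    """One keyed byte derived from the segment initial value (assumed first process)."""
    return hmac.new(key, b"seg" + seg_init.to_bytes(8, "big"), hashlib.sha256).digest()[0]

def second_cipher(key, var):
    """Step (a2), second process: 16-bit truncated HMAC over the whole dynamic variable."""
    return hmac.new(key, var.to_bytes(8, "big"), hashlib.sha256).digest()[:2]

def generate(key, var):
    """Steps (a1)-(a3): password = first cipher (2 hex digits) || second cipher (4 hex digits)."""
    seg_init, offset = segment(var)
    first = offset ^ segment_pad(key, seg_init)      # first dynamic cipher carries the offset
    return f"{first:02x}{second_cipher(key, var).hex()}"

def verify(key, password, verifier_var, look_ahead=1):
    """Steps (c1)-(c3): return the resynchronised verifier variable on accept, None on reject."""
    third, fourth = int(password[:2], 16), bytes.fromhex(password[2:])   # (c1) separate
    seg_init2, offset2 = segment(verifier_var)
    # estimated segment initial values: the verifier's current segment plus look_ahead later ones
    for i in range(look_ahead + 1):
        est = seg_init2 + i * SEG_SIZE
        lo = offset2 if i == 0 else 0       # estimated range of offsets rejects already-used values
        offset3 = third ^ segment_pad(key, est)                        # (c2) invert first process
        if not lo <= offset3 < SEG_SIZE:
            continue                                                   # try next estimate
        var3 = est + offset3                                           # (c3) restitute variable
        if hmac.compare_digest(second_cipher(key, var3), fourth):     # constant-time compare
            return var3 + 1     # accept and advance past the used value so it cannot be replayed
    return None                  # no estimate left: reject
```

The verifier only searches forward from its own counter, so the password implicitly resynchronises it; a counter more than look_ahead segments ahead is rejected rather than searched exhaustively.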
10. A method of authenticating an individual from at least one individual in an authentication system, including at least one dynamic password generator and at least one verifier, said dynamic password generator holding therein a first secret cryptographic key and a first dynamic variable, said verifier holding therein a second secret cryptographic key of said dynamic password generator and a second dynamic variable, said first and second dynamic variables being produced in concert but independently in said dynamic password generator and said verifier;
- said method comprising steps of;
(a) in the event of generating a dynamic password, performing following steps by a microprocessor in said dynamic password generator;
(a1) segmenting said first dynamic variable, based on a predefined segment length and positions, identifying a first segment initial value and a first offset for said first dynamic variable;
(a2) carrying out a first encryption algorithm on said first secret cryptographic key and said first segment initial value to output a first dynamic cryptographic key and a second dynamic cryptographic key;
generating a first dynamic transformation table based on said first dynamic cryptographic key;
translating said first offset into a first dynamic cipher by said first dynamic transformation table;
combining said second dynamic cryptographic key and said first offset to generate a fifth dynamic cryptographic key; and
carrying out a second encryption algorithm on said fifth dynamic cryptographic key and said first dynamic variable to produce a second dynamic cipher;
(a3) combining said first dynamic cipher and said second dynamic cipher to produce a dynamic password;
(b) transmitting said dynamic password to said verifier;
(c) in the event of verifying a password, performing following steps by a microprocessor in said verifier;
(c1) separating a received dynamic password into a third dynamic cipher and a fourth dynamic cipher;
segmenting said second dynamic variable, based on a predefined segment length and positions, identifying a second segment initial value and a second offset for said second dynamic variable; and
calculating at least one estimated segment initial value and an estimated range of offsets based on said second segment initial value and said second offset;
(c2) carrying out a third encryption algorithm on said second secret cryptographic key and an estimated segment initial value to output a third dynamic cryptographic key and a fourth dynamic cryptographic key;
generating a second dynamic transformation table based on said third dynamic cryptographic key, and translating said third dynamic cipher into a third offset by said second dynamic transformation table;
(c3) if said third offset is within the estimated range of offsets, restituting a third dynamic variable with said third offset and said estimated segment initial value;
combining said fourth dynamic cryptographic key and said third offset to generate a sixth dynamic cryptographic key;
carrying out a fourth encryption algorithm on said sixth dynamic cryptographic key and said third dynamic variable to produce a verification code;
comparing said verification code with said fourth dynamic cipher;
if matching, enabling the user to access since the user is deemed legal and having the verification terminated;
if mismatching, or said third offset is not within the estimated range of offsets, judging whether there is another estimated segment initial value;
if there is no other estimated segment initial value, rejecting the user's access and having the verification terminated since the user is deemed illegal; and
if there is another estimated segment initial value, fetching a next estimated segment initial value and going to step (c2).
24. A system of authenticating an individual from at least one individual in a computer network which includes at least one dynamic password generator and at least one verifier, said dynamic password generator holding therein a first secret cryptographic key and a first dynamic variable, said verifier holding therein a second secret cryptographic key of said dynamic password generator and a second dynamic variable, said first and second dynamic variables being produced independently in said dynamic password generator and said verifier;
- characterized in that
said dynamic password generator comprises;
means for segmenting said first dynamic variable, based on a predefined segment length and positions, and identifying a first segment initial value and a first offset for said first dynamic variable;
means for carrying out a first encryption process on said first secret cryptographic key, said first segment initial value and said first offset to produce a first dynamic cipher;
means for carrying out a second encryption process on said first secret cryptographic key and said first dynamic variable to produce a second dynamic cipher;
means for combining said first dynamic cipher and said second dynamic cipher to produce a dynamic password;
and that said verifier comprises;
means for separating a received dynamic password into a third dynamic cipher and a fourth dynamic cipher;
means for segmenting said second dynamic variable to identify a second segment initial value and a second offset for said second dynamic variable based on a predefined segment length and positions;
means for calculating at least one estimated segment initial value and an estimated range of offsets based on said second segment initial value and said second offset;
means for carrying out a third encryption process on said third dynamic cipher, an estimated segment initial value and said second secret cryptographic key to produce a third offset;
means for restituting a third dynamic variable with said third offset and said estimated segment initial value if said third offset is within the estimated range of offsets;
means for carrying out a fourth encryption process on said second secret cryptographic key and said third dynamic variable to produce a verification code;
means for comparing said verification code with said fourth dynamic cipher;
means for enabling the user to access if matching;
means for judging whether there is another estimated segment initial value, if mismatching, or said third offset is not within the estimated range of offsets;
means for rejecting the user's access and having the verification terminated if there is no other estimated segment initial value;
means for fetching a next estimated segment initial value and giving control to said means for restituting a third dynamic variable if there is another estimated segment initial value.